Friday, April 15, 2011

Sometimes developers forget to set their user name while committing with git. You may force them by controlling the committer name and the user name used with authentication system. (see gitolite installation.)

Following code also makes use of a ruby script called "geera" to send commit messages to jira issues, check format of commit message etc.

What is Gitolite ?

Gitolite is used to authorize users to read/write to git repositories (or branched/tags..). Gitolite should be installed to server where apache2 (in our case) is installed to serve git repositories.

Here is an excerpt from pro git book (Please see Pro Git book for full article):

Git has started to become very popular in corporate environments, which tend to have some additional requirements in terms of access control. Gitolite was originally created to help with those requirements, but it turns out that it’s equally useful in the open source world: the Fedora Project controls access to their package management repositories (over 10,000 of them!) using gitolite, and this is probably the largest gitolite installation anywhere too.

Gitolite allows you to specify permissions not just by repository, but also by branch or tag names within each repository. That is, you can specify that certain people (or groups of people) can only push certain “refs” (branches or tags) but not others.

Installing Gitolite

Go to folder where apache2 is serving. For example on Ubuntu and Fedora this is generaly /var/www. If it is different on your server; replace directions according to it. Also perhaps location of "git-http-backend" is different in your system ("/usr/libexec/git-core/git-http-backend" is used in following lines.). You need to locate "git-http-backend" on your system and replace it as well. "git-http-backend" comes with "git" installation.

Run following commands: (Do not forget to replace /var/wwww and /usr/libexec/git-core/git-http-backend{color if they are different on your system)

It will be easier if you run these with a super-user (root) and then modify file/folder permissions according to you system. (For example you may want to change ownership of all /var/www to apache or www-data according to your system).

After restarting apache2 you should able to checkout from http with git clone http://user:password@server/git/reponame.git

This configuration will force user to login via http auth. mechanism and if user passes validation (enters correct password); his/her user name will be a cgi variable ($GL_USER) and it will be used by gitolite to determine permissions according to it's own config file.

You can immediately checkout *gitolite-admin.git*, change authorization settings (add new users to config; let users/groups new repositories/branches etc. see [Gitolite Configuration|http://progit.org/book/ch4-8.html] for details.), commit and push to activate/flush changes.

Gitweb Installation and Gitolite Integration

This is pretty easy to setup .

First of all you need the gitweb source. You may already have it try to locate it on your system by command locate "*gitweb*" or clone it from git clone git://git.kernel.org/pub/scm/git/git.git. For ubuntu you can install it via synaptics.

When you locate "gitweb" copy it under "/var/www/gitweb". (Again this may change according to your system).

Include following lines in your apache configuration file. Again the exact file changes according to your system.

With this setting gitweb uses the same http auth. mechanisim that gitolite uses. They both use "/path/to/some/passwdfile" htpasswd file. If you change httpd auth. (for example to ldap); you need to change both settings for gitolite and gitweb. Now we must ensure that after http auth., gitweb should only list and serve the repositories (or branches/tags) for the user logged in according to gitolite permissions configuration:

Find "gitweb.conf" config file and make sure that project root is showing correct repositories (the repositories where the gitolite is serving).:

Please note that there are two gitweb.conf files. One of them is coming with gitweb; this is what we are referring to now. The other one comes with gitolite installation and we refer it with full path "/var/www/gitolite-home/gitolite-source/contrib/gitweb/gitweb.conf". We will include this in gitweb.conf

$projectroot = "/var/www/gitolite-home/repositories";

At the end of same file you must include a configuration that exists in gilolite path (this was already there with gilolite installation). This include will make gitweb to serve repositories only visible to users who has permissions: